Privacy
Privacy Policy
This policy explains how Star Tarot handles personal data, ritual content, and analytics signals so every reading remains sacred.
- Last updated
- 2025-11-16
- Contact
- privacy@startarot.app
Data Scope
What we collect
We collect only the details required to power the Star Tarot experience—account credentials, billing references, tarot prompts, spread selections, and device diagnostics for debugging.
Sensitive rituals remain encrypted at rest. Optional fields (such as journal reflections) stay local until you explicitly sync them to the workspace.
- Account basics: display name, email, locale preference, and sign-in events.
- Tarot activity: intent questions, spread ids, draw sequences, and resonance feedback.
- Usage diagnostics: anonymised device type, latency metrics, and crash traces.
Processing
How we use your data
Data powers intent suggestions, spread recommendations, and the AI narration that animates your reading. We also aggregate anonymised telemetry to maintain stability across browsers and devices.
Retention follows the lifetime of your account. You may request deletion at any time and we will purge active services plus backups within 30 days, except where law requires longer retention.
- Tailor rituals: surface relevant spreads and shuffle cues based on your history.
- Safeguard quality: analyse latency, crash patterns, and abuse signals to keep the platform calm and secure.
Control
Your choices & rights
You can review or export ritual history, update consent preferences, and disable analytics from workspace settings. Contact us to rectify, restrict, or erase remaining records.
We respond to verified requests within 15 working days. Identity confirmation may require a signed statement to keep readings private.
Third Parties
When data is shared
We rely on vetted infrastructure vendors (hosting, observability, payment) bound by data-processing agreements. They may only process information to deliver the contracted service.
We never sell tarot data. If law enforcement presents a lawful request, we will notify you whenever allowed and share only what is required.
Security
Protecting your ritual
Transport Layer Security (TLS 1.3), encrypted storage, role-based access, and regular penetration tests ensure that only trusted systems interact with your readings.
If we detect a breach, we will notify affected accounts, outline mitigation steps, and provide follow-up status updates.
Updates
Policy updates & contact
Significant changes will be announced in the changelog and via in-app notices at least 7 days before they take effect.
Questions or requests can be sent to privacy@startarot.app. Please include the email tied to your workspace so we can help quickly.
